Too Rush - Get More Traffic

Sunday, December 30, 2007

[Keralites] Several critical security holes in Apple QuickTime

With QuickTime 7.3.1, Apple is closing one known and a number of new critical security holes through which a computer can be infected with malware. A buffer overflow can be triggered by manipulating the Content-Type header in an RTSP data stream and exploited to smuggle malicious code into the attacked system. The hole has been known for three weeks and has already been actively exploited for almost two weeks to compromise the systems of visitors to specially prepared Web sites. Whether the attacks are aimed only at Windows users, or whether Mac users are also targeted, is not known.

With its update, Apple is also eliminating a heap overflow in the processing routines for QTL files, through which code can similarly be introduced and executed with the user's rights. Finally, the Flash Media handler of QuickTime has a number of security holes, at least one of which can be exploited to put a system under remote control.

According to the security advisory, the update does not rectify the actual holes, but disables the Flash Media handler. The handler is only allowed to process a restricted number of QuickTime films known to be safe. Apple does not explain precisely how this is supposed to work. The Flash handler has been a component of QuickTime since version 4 and enables Macromedia Flash SWF 3.0/4.0 files to be embedded as a track in a QuickTime film.

QuickTime 7.3.1 for Windows (Vista, XP) and Mac OS X (Panther, Tiger and Leopard) is available for download. Apple users need to download 50 MB, Windows users only 20 MB.

Because of the number of holes in QuickTime that have become known this year, it currently looks like by far the most dangerous tool for playing back videos and music. Although a problem with Windows Media was eliminated on the last Microsoft patch day, statistics from the SANS Institute show far fewer holes in Microsoft's media player.
